Strange restart, refers to Protonet.ru
Posted: 23 Sep 2010 14:30
When I restart the computer, the text Protonet.ru briefly appears in the bottom right corner.
Does anyone know what to do about it?
ComboFix 10-09-22.06 - Pavel 23.09.2010 15:09:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.417 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Dokumenty\Downloads\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-23 do 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-23 12:05 . 2010-09-23 12:06 -------- d-----w- c:\program files\uTorrent
2010-09-23 08:43 . 2010-09-23 08:43 -------- d-----w- C:\Downloads
2010-09-20 17:10 . 2010-09-20 17:10 -------- d-----w- c:\windows\Logs
2010-09-17 18:10 . 2010-09-17 18:10 -------- d-----w- c:\program files\Endless Slideshow Screensaver
2010-09-17 18:10 . 2010-03-29 16:18 3654656 ----a-w- c:\windows\Endless-Slideshow.scr
2010-09-15 16:25 . 2010-09-15 16:25 -------- d-----w- c:\program files\VS Revo Group
2010-09-14 15:03 . 2010-09-14 15:04 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-09-14 15:03 . 2010-09-14 15:03 -------- d-----w- c:\windows\system32\LogFiles
2010-09-14 15:03 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-14 14:56 . 2010-09-15 04:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-14 14:49 . 2010-09-15 04:24 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-09-14 14:48 . 2010-09-14 14:48 -------- d-----w- c:\windows\Downloaded Installations
2010-09-14 14:44 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-09-14 14:44 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-13 14:13 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-09-13 14:13 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-09-13 14:13 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-09-13 14:13 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-09-13 14:13 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-09-13 14:13 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-09-13 13:57 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-13 04:48 . 2010-09-13 04:48 -------- d-----w- C:\ProgramData
2010-09-13 04:42 . 2010-09-13 04:45 -------- d-----w- C:\totalcmd
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\UC.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\RAR.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\LHA.PIF
2010-09-13 04:42 . 2006-10-31 05:00 545 ----a-w- c:\windows\ARJ.PIF
2010-09-12 11:59 . 2010-09-12 11:59 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-09-11 11:29 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-09-10 19:48 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-10 19:48 . 2009-07-31 08:05 1372672 ------w- c:\windows\system32\msxml6.dll
2010-09-10 19:48 . 2008-04-14 06:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-10 19:48 . 2008-04-14 06:00 80896 ------w- c:\windows\system32\msxml6r.dll
2010-09-10 19:43 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-09-10 19:38 . 2010-09-10 19:38 -------- d-----w- c:\windows\EHome
2010-09-10 18:06 . 2010-09-10 18:06 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-09-10 18:05 . 2010-09-10 18:06 298104 ----a-w- c:\windows\system32\imon.dll
2010-09-10 18:05 . 2010-09-10 18:06 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-09-10 18:04 . 2010-09-23 13:09 -------- d-----w- c:\program files\ESET
2010-09-10 12:27 . 2010-09-23 09:36 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-100A1102}.dat
2010-09-10 12:27 . 2010-09-23 09:36 288 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-100A1102}.dat
2010-09-10 12:26 . 2010-09-10 12:26 -------- d-----w- c:\documents and settings\Slávka
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 17:47 . 2010-09-09 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 17:09 . 2010-09-09 19:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 15:07 . 2010-09-09 19:33 -------- d-----r- c:\program files\Skype
2010-09-14 14:48 . 2010-09-09 18:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-13 18:51 . 2006-03-02 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-09-13 18:51 . 2006-03-02 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-09-10 19:49 . 2010-09-09 18:39 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-10 19:49 . 2010-09-09 18:39 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-09-10 18:46 . 2010-09-09 18:39 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-09-10 16:11 . 2010-09-09 19:21 -------- d-----w- c:\program files\Opera
2010-09-10 15:50 . 2010-09-09 18:58 -------- d-----w- c:\program files\Creative
2010-09-09 19:35 . 2010-09-09 19:35 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-09 19:33 . 2010-09-09 19:33 -------- d-----w- c:\program files\Common Files\Skype
2010-09-09 19:06 . 2010-09-09 19:05 -------- d-----w- c:\program files\ATI Technologies
2010-09-09 18:40 . 2010-09-09 18:40 -------- d-----w- c:\program files\microsoft frontpage
2010-09-09 18:36 . 2010-09-09 18:36 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-09-10 949376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10.9.2010 20:06 15424]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [14.9.2010 17:03 27632]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
LSP: imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 15:13
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-09-23 15:15:25
ComboFix-quarantined-files.txt 2010-09-23 13:15
Před spuštěním: Volných bajtů: 146 878 136 320
Po spuštění: Volných bajtů: 147 160 563 712
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9AFFBA9713B2F160F1C14DAC89D09DD8